inventree/InvenTree
2
0
Fork 0
mirror of https://github.com/inventree/InvenTree.git synced 2025-10-31 13:15:43 +00:00
Code Activity
17,174 Commits 6 Branches 132 Tags
8152ccee995af07be015b3a065f45ab5b79b8529
Commit Graph

12 Commits

Author SHA1 Message Date
Matthias Mair
7a984f831f bump backend deps (#9713) 
* bump backend deps

* lower xmlsec to fix build

* add permament pin

* lower allauth as there are api changes

* unify dependabot config
 2025-06-02 11:26:49 +10:00
Matthias Mair
9ab82a187e fix(ci): dependabot config (#9514) 
* fix(ci): dependabot config

* bump now updatable lingui/cli
 2025-04-16 08:04:54 +10:00
Matthias Mair
9bc0d599bc chore: improve ci security (#9384) 
* pin docker files

* pin github actions

* enforce hashes that are already present

* run style checks on cicd changes
 2025-03-26 13:04:45 +11:00
Matthias Mair
6863b4fcdd Fix dependabot version detection (#9080) 
* Revert "lower runtime to try fix dependabot resolution (#9031)"

This reverts commit 72c077c861.

* this should temporarly fix dependabot
 2025-02-15 07:45:49 +11:00
Matthias Mair
72c077c861 lower runtime to try fix dependabot resolution (#9031) 
* lower runtime to fix dependabot resolution

* Revert "split up python updates and assign to @matmair for manual fixes where necessary (#8772)"

This reverts commit 04d7a96dde.
 2025-02-05 09:23:16 +11:00
Matthias Mair
04d7a96dde split up python updates and assign to @matmair for manual fixes where necessary (#8772) 2024-12-27 08:14:32 +11:00
Matthias Mair
6c089d3869 fix path to CI dependencies (#7755) 2024-07-30 20:53:02 +10:00
dependabot[bot]
acdf7f5ec0 Bump mkdocstrings[python] from 0.25.0 to 0.25.1 in /docs (#7212) 
* Bump mkdocstrings[python] from 0.25.0 to 0.25.1 in /docs

Bumps [mkdocstrings[python]](https://github.com/mkdocstrings/mkdocstrings) from 0.25.0 to 0.25.1.
- [Release notes](https://github.com/mkdocstrings/mkdocstrings/releases)
- [Changelog](https://github.com/mkdocstrings/mkdocstrings/blob/main/CHANGELOG.md)
- [Commits](https://github.com/mkdocstrings/mkdocstrings/compare/0.25.0...0.25.1)

---
updated-dependencies:
- dependency-name: mkdocstrings[python]
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* fix req

* bump rest of docs reqs

* group dependabot settings

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Matthias Mair <code@mjmair.com>
 2024-05-22 09:29:51 +10:00
Matthias Mair
83191d3fbf Improve reproduciblity of image (#7120) 
* hard-pin doc requirements

* update docs and commands

* hard pin container requirements

* check hashes in image build

* remove seperate uv install (is in base_requirements)

* containers already ships 3.11 - adjust packaging

* move build deps to general ci requirements

* install yarn using native tools

Closes https://github.com/inventree/InvenTree/security/code-scanning/95
Closes https://github.com/inventree/InvenTree/security/code-scanning/96

* merge install steps

* adapt install command args to be similar

* adapt docs to suggest safer install arg

* fix install path

* update dependabot settings
 2024-04-29 11:04:45 +10:00
Matthias Mair
2e0b197457 Group dependabot PRs per ecosystem (#7098) 2024-04-23 08:19:26 +10:00
Matthias Mair
7b77fd31a7 Cleanups for refactor (#6933) 
* adjust depandabot targets and interval

* add git blame ignore to make git diff more useable

* adjust test path

* fix ci path
 2024-04-03 19:59:02 +11:00
Matthias Mair
b46b200101 Add OSSF Scorecard (#6769) 
* Create scorecard.yml

* Add badge

* disable publishing

* Add security improvements (#181)

* Add OSSF Scorecard (#179)

* Create scorecard.yml

* Add badge

* disable publishing

* [StepSecurity] Apply security best practices (#180)

* [StepSecurity] Apply security best practices

Signed-off-by: StepSecurity Bot <bot@stepsecurity.io>

* Update .pre-commit-config.yaml

* Update dependabot.yml

* Delete .github/workflows/dependency-review.yml

---------

Signed-off-by: StepSecurity Bot <bot@stepsecurity.io>
Co-authored-by: Matthias Mair <code@mjmair.com>

---------

Signed-off-by: StepSecurity Bot <bot@stepsecurity.io>
Co-authored-by: StepSecurity Bot <bot@stepsecurity.io>

* Update to upstream project

* disable shellcheck for now

---------

Signed-off-by: StepSecurity Bot <bot@stepsecurity.io>
Co-authored-by: StepSecurity Bot <bot@stepsecurity.io>
 2024-03-21 10:11:49 +11:00